CVE-2006-0479 - Input Validation vulnerability in PmWiki 2.1Beta20
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name. PmWiki then unsets the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS).
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | PmWiki 2.1 Multiple Input Validation Vulnerabilities. CVE-2006-0479. Webapps exploit for php platform |
id | EDB-ID:27147 |
last seen | 2016-02-03 |
modified | 2006-01-30 |
published | 2006-01-30 |
reporter | aScii |
source | https://www.exploit-db.com/download/27147/ |
title | PmWiki 2.1 - Multiple Input Validation Vulnerabilities |
Nessus
NASL family | CGI abuses |
NASL id | PMWIKI_21B21.NASL |
description | The remote host is running PmWiki, an open source Wiki written in PHP. The version of PmWiki installed on the remote host allows attackers to overwrite global variables if run under PHP 5 with |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20891 |
published | 2006-02-13 |
reporter | This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/20891 |
title | PmWiki < 2.1 beta 21 Multiple Vulnerabilities |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0931.html
- http://secunia.com/advisories/18634
- http://securitytracker.com/id?1015550
- http://www.securityfocus.com/bid/16421
- http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/
- http://www.vupen.com/english/advisories/2006/0375
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24366
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24367
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24368